The gang has been operating since 2014, installing card-skimming devices on about 400 ATMs per year to copy and clone data on payment cards, according to Europe's law enforcement intelligence agency, Europol.

"The forged cards were then used to make illegal transactions in 200 ATMs outside the European Union, mainly in the USA, the Dominican Republic, Malaysia, Indonesia, Vietnam, Peru, the Philippines and Costa Rica," Europol says, noting that at least 3,000 EU citizens were affected by the criminal network.

In an effort to break up the criminal operation, Europol says 31 suspects have been arrested - 21 in Spain, nine in Bulgaria and one in the Czech Republic. "The suspects were in possession of equipment used to forge payment cards, payment card data readers-recorders, skimmers, micro cameras, devices to manipulate ATMs, as well as cash and numerous counterfeit cards," Europol says (see Why Skimming Will Grow in 2017).

Police also conducted 48 house searches - 14 in Spain and 34 in Bulgaria.

Micro camera ATM modification uncovered by Spanish police as part of their investigation. (Source: Europol)

The effort involved a joint investigation team that included prosecuting and investigating authorities in Spain and Bulgaria, supported by criminal intelligence from Europol, as well as support from Eurojust, the EU agency that handles cross-border judicial cooperation relating to criminal matters.

"An entire criminal network was taken down and, as a result, is no longer able to defraud innocent victims, thanks to the joint efforts of the Spanish and Bulgarian prosecuting authorities, and the valuable support provided by their national desks at Eurojust," says Francisco Jiménez-Villarejo, the national member for Spain at Eurojust.

Europol referred requests for more information about when the arrests and searches were carried out to relevant national authorities. They could not be immediately reached for comment.

But Steven Wilson, who heads Europol's European Cybercrime Center - EC3 - says that operations of this nature are possible thanks to continuing investments in EU law enforcement intelligence sharing as well as buy-in from EU member states. "Police forces in the EU are utilizing Europol's unique tools to ensure that electronic payment transactions are made safer," he says. "We are continuously investing more resources into this vital support platform, and now we are seeing the results of this essential work."

Card Skimming Attacks Decline

The overall volume of skimming attacks in Europe has continued to decline. "The downward trend for card skimming continues with 3,315 card skimming incidents reported, down 20 percent from 4,131 in 2015," the European Association for Secure Transactions says in an April report. "This is the lowest number of skimming incidents reported since 2005."

Based on data collected by EAST in February from 19 European countries and five other countries that participate in the group - including Brazil, Canada, Russia and the United States - 18 of those countries reported seeing card skimming attacks.

Alert: Deep Insert Skimmers

Various types of skimmers recovered by authorities. (Source: NCR)

Five countries have also reported seeing continued use of internal skimming devices. "The read head on this type of device is placed at various locations inside the motorized card reader behind the shutter," according to a teardown of card data compromise devices published by EAST. "This type of device is also sometimes referred to as a 'deep insert' skimming device."

It's not clear if the suspects arrested in Spain and Bulgaria have been accused of using deep-insert skimmers. But the devices were the focus of a February alert issued by ATM manufacturer NCR, which said it received reports of attacks utilizing such devices in the United States against ATMs built by multiple manufacturers, including NCR.

"A deep insert skimmer is different from a typical insert skimmer. This is a skimmer that is placed inside the card reader by insertion through the card slot," NCR says. "Once in place, it is hidden from view to the consumer using the ATM. Use of deep insert skimmers has emerged because they cannot be detected or jammed by anti-skimming equipment designed to prevent fraud through skimmers attached on the ATM fascia."

NCR recommends frequent manual checks of ATMs by trained personnel to try to spot these types of skimmers, and the manufacturer has published a guide.

Various third-party products are also available that purport to help block the use of these skimmers, but NCR says it does not endorse their use. "There are third-party hardware products available which can be fitted inside the card reader and are designed to inhibit placement of the deep insert skimmer," it says. "NCR does not endorse any particular product."

Instead, NCR says it plans to issue a hardware update this month, designed to block deep insert skimmers from being used, for the motorized card readers that it manufactures.

Skimming: Beyond ATMs

Most skimming attacks target ATMs. But EAST says eight countries in February reported that they had recently seen skimmers being used against other devices. In particular, four countries reported that unattended payment terminals - UPTs - at petrol stations had been targeted with skimmers. One country also reported seeing an internal skimming device used on a public transport ticket machine, EAST says.

As seen in the alleged payment card fraud operation disrupted by authorities in Bulgaria and Spain, criminals who successfully obtain card data via skimming devices often attempt to use that data outside Europe. As of February, financial institutions in 45 countries that work with EAST, as well as 9 countries inside the Single Euro Payments Area, reported seeing losses due to skimming. The greatest skimming-related losses were seen in the United States, Indonesia and India, EAST reports.

About the Author

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the Executive Editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, amongst other publications. He lives in Scotland.
